June 3, 2022

Key Takeaways from the Open Source Software Security Summit II

Monica Maher, Vice President, Cyber Defense; Tim Douglas, Managing Director, SDLC & Runtime Production Engineering; Rob Underwood, Vice President, Global Open Source Program Lead

Building on the launch of our Open Source Program Office (OSPO) and the firm's statement on supporting the Open Source Security Foundation (OpenSSF), Goldman Sachs participated in the Open Source Software Security Summit II on May 12-13 in Washington, D.C. The Summit, convened by OpenSSF and the Linux Foundation, took place on the one-year anniversary of the White House Executive Order on Cybersecurity, and was organized to further coordinate public and private sector efforts to support the directives of that order. Specifically, the Summit brought together security executives from technology companies, government, and open source communities to announce and discuss the Open Source Software Security Mobilization Plan. The plan outlines 3 distinct goals and 10 work streams for achieving those goals:

  1. Securing Open Source Software (OSS) Production: Focus on preventing security defects and vulnerabilities in code and open source packages.
  2. Improving Vulnerability Discovery and Remediation: Improve the process for finding defects and fixing them.
  3. Shorten Ecosystem Patching Response Time: Shorten the response time for distributing and implementing fixes.

The Summit provided an opportunity to engage directly with peers from Atlassian, Cisco, GitHub, Google, Intel, and Microsoft, as well as other financial industry participants including Citi, Fidelity, JP Morgan Chase, and Morgan Stanley, to collaborate on priorities. As both a contributor to and an end user of open source software, Goldman Sachs is committed to collaborating on these collective efforts to improve and strengthen the OSS ecosystem. We will continue to work with peers on the work streams and identify ways to address supply chain security challenges.
